At my day job our team manages a lot of laptops, some of which are Macbooks. Since the Macs account for a fairly small share, we never implemented an MDM solution like Jamf, so we largely depend on using scripts to deploy software, and we manually adjust settings. As a mostly Microsoft shop, we use on premise Active Directory, and our Macs use LDAP to bind to the AD domain.